Named where consent has landed, descriptive where it hasn’t. No fabricated counts.
Live in finance (precious-metals trading), healthcare (clinic operations), and logistics (vendor
self-hosted deploys). Anchor customer: Code Zero, shipping onto customers’ own infrastructure on
Akua.
Can someone in another country shut off our IT?
No. The cluster runs on your infrastructure and the admin keys are yours — not ours, not
escrowed. The worker bootstrap is outbound-only: there is no inbound network path from us into
your environment. If we disappear, your installs keep running.
Four receipts, not four promises.
The structural reasons control stays with you — readable by your Legal and Compliance teams without a translator.
Customer-held admin keys
The cluster admin password is yours. Not ours, not shared, not escrowed.
Outbound-only bootstrap
No inbound network path from Akua into your environment.
No markup on compute
You pay Hetzner / AWS / OVH / IONOS / on-prem directly. We’re not in that bill.
Standard formats end to end
Open package format, OCI images, plain git. Take the export, run it anywhere.
Your vertical, specifically.
Finance — DORA and the EU AI Act
DORA has been in force since January 2025: Article 28 obliges ICT third-party risk
management and a gapless information register. Akua’s per-install repository plus the
reviewed-proposal flow are that audit trail — the register populated by architecture, not by
a quarterly scramble. From August 2026 the EU AI Act requires documented audit paths for AI
in credit and insurance; the supervised-entity pattern produces those event logs by design.
ECB, Bundesbank, and BaFin are in Frankfurt. So are we. An active pilot runs with a
precious-metals trading vendor preparing internal software deployment under DORA
constraints.
Healthcare
Clinics run software on their own servers because patient data and regulatory posture demand
it. The per-install repository is the audit trail a clinic can hand to its data-protection
officer. Two clinic-management vendors run on Akua today — one for the OR area, one for
general clinic operations — with patient data isolated per site on customer infrastructure.
Logistics
When a contract requires the software to run on dedicated or customer-owned servers, the
per-customer deploy is usually a per-customer engineering hire. Akua turns it into a sign-up
flow. An active pilot runs with a logistics-software vendor whose deploy lives on customer
servers by contract.
Mittelstand
The Mittelstand has to digitize and adopt AI under DSGVO, DORA, and the EU AI Act — without
the budget for a platform team. Akua’s agentic operating mode is the answer: the platform
operates itself under review, so the obligations are met without the headcount.
What if Akua disappears?
Your cluster, your data, and your admin keys stay yours. The export is open by architecture —
open package format, OCI images, plain git. Take it and run it anywhere your operations team can
run a cluster.
What it costs, in shape.
No tier table here — the shape, not the number. Numbers come from a founder conversation.
The platform
A flat fee we charge for the software that orchestrates your installs.
Infrastructure
Paid to your provider directly — Hetzner / AWS / OVH / IONOS / on-prem.
Compute markup
None. We are not in your infrastructure bill.
Numbers
Talk to the founders for a procurement-shaped conversation.
The questions your lawyer will ask.
Where does our data live?
In your infrastructure. You choose the cloud, the region, and the provider.
Can the platform vendor shut our software off?
No. The admin keys are yours and the bootstrap is outbound-only. If they disappear, the software keeps running.
How do we satisfy DORA Article 28?
The per-install repository plus the reviewed-proposal flow are the audit trail; the information register is populated by architecture.
What about SOC 2, ISO 27001, BSI-C5?
SOC 2 Type II is in progress; ISO 27001 and BSI-C5 are on the roadmap. Each is named with its actual status — no badge wall.
What’s the audit story for the EU AI Act?
Every change reaches main through a reviewed proposal, and every long-lived resource has a supervised-entity event log. Documented audit paths by architecture, not by policy.
How do we evaluate without committing?
Talk to the founders for a procurement-shaped conversation, and run a first install before anything is signed.
Choose the cloud. Keep the keys. Read every change before it lands.
Your vendors ship the way you require. Talk to the founders before you sign anything.